
config: Create helmet config
bush1D3v committed Nov 9, 2024
1 parent 516b74d commit 3d1c03b
Showing 1 changed file with 48 additions and 0 deletions.
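--- a/api/src/config/helmet.ts
+++ b/api/src/config/helmet.ts
@@ -0,0 +1,48 @@
+import helmet from "helmet";
+
+export default helmet({
+contentSecurityPolicy: {
+directives: {
+defaultSrc: ["'self'"],
+scriptSrc: ["'self'"],
+styleSrc: ["'self'"],
+imgSrc: [
+"'self'",
+"https://s2.coinmarketcap.com",
+"https://static2.finnhub.io",
+"https://s3-symbol-logo.tradingview.com",
+],
+connectSrc: [
+"'self'",
+"https://pro-api.coinmarketcap.com",
+"https://brapi.dev",
+"https://cdn.moeda.info",
+"https://finnhub.io",
+],
+fontSrc: ["'self'", "https://fonts.googleapis.com", "https://fonts.gstatic.com"],
+objectSrc: ["'none'"],
+upgradeInsecureRequests: [],
+},
+reportOnly: true,
+useDefaults: false,
+},
+dnsPrefetchControl: {allow: false},
+frameguard: {action: "sameorigin"},
+hidePoweredBy: true,
+hsts: {
+maxAge: 31536000, // 1 year
+includeSubDomains: true,
+preload: true,
+},
+ieNoOpen: true,
+noSniff: true,
+permittedCrossDomainPolicies: {
+permittedPolicies: "master-only",
+},
+referrerPolicy: {policy: "no-referrer"},
+xssFilter: true,
+crossOriginOpenerPolicy: {policy: "unsafe-none"},
+crossOriginEmbedderPolicy: {policy: "unsafe-none"},
+crossOriginResourcePolicy: {policy: "same-origin"},
+originAgentCluster: true,
+});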
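Review bot: `reportOnly: true` makes helmet send the policy as `Content-Security-Policy-Report-Only`, and the directives contain no reporting directive, so the CSP in this file neither blocks anything nor records violations; browsers also ignore `upgradeInsecureRequests` in a report-only policy. If report-only is a deliberate rollout step, say so with a comment such as `// report-only during rollout; set to false once violations are triaged` and add a reporting endpoint, otherwise set `reportOnly: false`. Because `useDefaults: false` drops helmet's defaults, the directives that do not fall back to `default-src` are absent, so I would add `baseUri: ["'self'"], formAction: ["'self'"], frameAncestors: ["'self'"],` next to `objectSrc`. Separately, `crossOriginOpenerPolicy: {policy: "unsafe-none"}` is weaker than helmet's default of `same-origin` and deserves a comment explaining why it is needed.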
